Intrusion detection system using hybird gsa-k-means

Abstract

Security is an important aspect in our daily life. Intrusion Detection Systems (IDS) are developed to be the defense against security threats. Current signature based IDS like firewalls and antiviruses, which rely on labeled training data, generally cannot detect novel attacks. The purpose of this study is to improve the performance of IDS in terms of detection accuracy and reduce False Alarm Rate (FAR). Clustering is an important task in data mining that is used in IDS applications to detect novel attacks. Clustering refers to grouping together data objects so that objects within a cluster are similar to one another, while objects in different clusters are dissimilar. K-Means is a simple and efficient algorithm that is widely used for data clustering. However, its performance depends on the initial state of centroids and may trap in local optima. The Gravitational Search Algorithm (GSA) is one effective method for searching problem space to find a near optimal solution. In this study, a hybrid approach based on GSA and k-Means (GSA-kMeans), which uses the advantages of both algorithms, is presented. The performance of GSA-kMeans is compared with other well-known algorithms, including k-Means and Gravitational Search Algorithm (GSA). Experimental results on the KDDCup 1999 dataset have demonstrated that the proposed method is more efficient in the detection of intrusive behavior than conventional k-Means and standard GSA which shows 80.62% detection accuracy and 7.45% FAR